![Domain spoofing (noun) [Word Notes] - Hacking Humans cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F8cd14546-05e6-11f1-95b8-87089617e4e8%2Fimage%2F441b0ca2db080b93b935568d381ce462.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1920&q=75)
Transcript
A (0:02)
You're listening to the Cyberwire network. Powered by n2k. Identity is a top attack vector in our interview with Kavitha Mariapan from Rubrik, she breaks down why 90% of security leaders believe that identity based attacks are their biggest threat. Throughout this conversation we explore why recovery times are getting longer, not shorter, and what resiliency will look like in this AI driven world. If you're struggling to get a handle on identity risk, this is something you should tune into. Check out the full interview@thecyberwire.com Rubrik. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more Doppel outpacing what's next in social engineering? Learn more@doppl.com that's-o P E L.com.
B (1:39)
The word is domain Spoofing. Spelled domain as in a logical grouping of one or more computer networks within the same infrastructure, and spoofing as in an impersonation of something. Definition A social engineering tactic in which hackers build a malicious domain to mimic a legitimate one. Example sentence the attacker used a spoof domain to represent PayPal's login page, Origin and context. Domain spoofing is a social engineering technique where an attacker impersonates a legitimate domain in order to trick a victim into performing some action. A common hacker technique is to register domain names with URLs that very closely resembles legitimate websites. For example, one valid URL associated with the German Penta bank is getpenta.com In 2021, hackers registered a spoofed URL called getpenta-bank.com and according to the website DomainSpace IO, tried to collect customer login data with a fake website. Unfortunately, there isn't one slam dunk prevention solution. To protect against this technique, network defenders rely on a series of less than perfect solutions like the combination of anti spam tools validating SSL certificates, verifying protocols like dmarc, Domain Based Message Authentication and dkim if they exist, and training employees what to look for in their internal security awareness programs. Nerd reference in the 2018 movie Impossible Fallout, starring Tom Cruise as the impossible Mission Force leader, IMF and Ving Rhames, the team's hacker, the IMF team captures a Norwegian nuclear weapons terrorist named Nils Delbrug, who has information they need to stop a nuclear explosion. After they rough him up a bit, they place him in what appears to be a hospital room with a TV broadcasting CNN news. When he awakes, they convince him that he has been unconscious for two weeks. After the Schedul nuclear detonation. Delbruck desperately wants to publish his manifesto to the world explaining why he did it. He makes a deal with Cruz to exchange his laptop password. If Cruz releases the manifesto to the public. Cruise calls Wolf Blitzer from CNN News. And in real time. Blitzer reads the manifesto on air and Delbruck gives up the password. As soon as he does, the four hospital walls fall flat to the ground to reveal Delbruck was not in a hospital, but a big warehous. Wolf Blitzer walks up, pulls off his fake IMF mask to reveal Simon Pegg, another of Crew's IMF team.